MW Welcomes Broo!

You Brooty!

Broo - Australia. Our Home. Our Beer.

As we all prepare for Australia day one man has set his goals helping all Australian’s ‘Live The Dream’. Kent Grogan is offering 10 shares for each carton of Broo beer purchased from his website come tomorrow. The idea behind this is to keep Broo 100% Australian owned and give each Australian the chance to take part in being a part of an Australian beer company. It’s also great to see the Broo team supporting the flood victims by offering to donate to those flood effected communities.

“Broo is 100% Australian owned and has the belief that beer is beer, great beer is better and we should all drink great beer. Broo stands for a lot of people. It’s for everyone who works hard, everyone who did, everyone who can’t, won’t or doesn’t need to. It stands for pride in our country and it’s dedicated to everyone who cared enough about this country to do something about it. It’s about having a go, getting it done, getting up and getting on with it. It’s a bloody road sign on a stubby of beer, nothing subtle about that, but deadly proud and broodifully honest. Come on the ride with us. Get onto the Broo. Stay on the Broo.”


Have a Session!

We wish Kent and the Broo team all the best and would like to know that we’ll be right behind them doing our part to keep Broo Australian owned. What better way to celebrate Australia day than to crack open a nice cold Broo and celebrate the country we live in.


Online / Secure / Shopping Cart

The CRELoaded Shopping Cart is now supported by MW! As always our merchants receive exactly what they demand from us. In your search for an easy to setup online secure shopping cart, make sure you have CRELoaded on your list of carts to check out.

What is CRELoaded?

CRE Loaded™ is much more than your average shopping cart. It’s the industry’s first downloadable ecommerce system that can easily make your store fully compliant with all Payment Card Industry (PCI) security rules.

Organize, manage and ship your products from your online store. Together with CRE Secure, your CRE Loaded 6.4 can safely and securely accept credit card transactions.” – CRELoaded

OK – I’ve got it. Now what?

In order to install the module review the README included with the module bundle which can found at our Developer Zone.

MW Payments - CRELoaded Module

We keep it simple! Enjoy.


We’re pleased to announce that Rebecca Fashion Lingerie have placed their website live today. The store now has an online presence as well as two physical stores located in Brisbane and Rockhampton.

Who is Rebecca Fashion Lingerie?

Rebecca Fashion Lingerie has been trading as an intimate apparel retailer for the past 20 years. There are 2 retail outlets that cater to both the metropolitan based women of Brisbane through a store at Toowong, and to the regional and country ladies via a store in Rockhampton.

Rebecca Fashion Lingerie provides a unique shopping environment – a sophisticated, elegant, yet comfortable space in which to buy not only practical and functional underwear but also beautiful lingerie, sleepwear and leisurewear.

Rebecca Fashion Lingerie products are sourced only from well respected local, national and international brands. This ensures the highest quality and finish to all purchases.

All store staff are trained fitters and are passionate about the product they sell and the service they provide to customers. Customers who prefer the convenience of online shopping, will also have access to knowledgeable staff via phone or email.

As well as being a store in its own right, the Rebecca Fashion Lingerie website showcases the latest lingerie fashion trends, provides tips for finding the perfect bra, and features the best selling new designs for the season.

I Want Lingerie!

Well we’re not going to stop you! Visit the website and enjoy the online shopping experience!

We’d like to wish Rebecca Fashion Lingerie the best of luck with their new website!

WP-eCommerce ONLINE!


We’re here today to announce that the Merchant Warrior Payment Gateway now supports WP-eCommerce. We’ve had numerous merchants ask that this product be supported and we can successfully say that you now have a module to play with!

What is WP-eCommerce?

This wordpress extension is the handy work of Dan Milward, Tom Howard and Jeffry Ghazally.

“The WP e-Commerce shopping cart plugin for WordPress is an elegant easy to use fully featured shopping cart application suitable for selling your products, services, and or fees online.

WP e-Commerce is a Web 2.0 application designed with usability, aesthetics, and presentation in mind.

Perfect for:

  • Bands & Record Labels
  • Clothing Companies
  • Crafters & Artists
  • Books, DVDs & MP3 files”

How can I integrate with it?

We’ve made it as simple as possible. If you head to our Developer Zone you will be able to download the module directly to your WP-eCommerce shopping cart and begin processing payments through the Merchant Warrior Payment Gateway! Happy Integrating!

Virtuemart 1.1.5

What is Virtuemart?

“VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System (CMS) called Joomla!. Joomla! and VirtueMart are written in PHP and can be used in typical PHP/MySQL environments.” – Virtuemart

What do our integrators have to say about us?

Are you thinking about integrating your project or application with Merchant Warrior? Are you wondering about how complex an integration with our advanced Payment Gateway may be? Here’s what Max Milbers, the Project Leader of the Virtuemart shopping cart had to say about his experience of integrating the Merchant Warrior Payment Gateway. He also mentions how the Merchant Warrior Token Payments product will be integrated in a future release of Virtuemart.

“As I started to implement the MerchantWarrior payment plugin for virtuemart, I didn’t have any knowledge about the idea and security concept of MerchantWarrior. I expected a complex security concept and high requirements.

Merchantwarrior gave me some easy to read pdfs describing the system. The idea behind the Token system is that a customer uses its credit card information only once and crucial information is not stored at the shop. But the customer is able to reuse the credit card without entering the data again.

When a shopper uses its credit card the first time, Merchantwarrior creates a unique id (token), which only works for one shop. Normally when a shop gets hacked, all stored credit cards must be frozen, replaced and deleted. This is a big damage for the credit card institutes and the shopper. The security gain using Merchantwarrior is that the information stored at the shop, fits only to one shop in the world and has nothing to do with the normal credit card data. This is a very good security gain.

Virtuemart 1.1 series works now with the more simple solution without token. Virtuemart 1.5 will support the advanced system which makes it possible to store different credit card tokens at the shop.”

– Max Milbers (Projectleader

We will definitely keep you updated with the future releases of the Virtuemart plugin for Merchant Warrior and the ability to take advantage of Token Payments.

All merchants that are implementing a fresh installation of virtuemart 1.1.5 will be able to select Merchant Warrior as their Payment Gateway quite easily. For those merchants that are upgrading from an earlier version of Virtuemart the following steps should be taken to enable Merchant Warrior as your Payment Gateway:

  1. Go the Admin Panel of Virtuemart in the Joomla backend.
  2. Go to the topic store and click “Add Payment Method”.
  3. Give your payment method a name, ensuring that you enter the correct code (MW).
  4. Choose a payment class name – “ps_merchantwarrior”.
  5. Set the Payment Method Type to “Use Payment Processor”.
  6. Enable the default Credit Cards.
  7. Go to the Configuration tab to set your Merchant ID and Merchant Password.

Virtuemart and Merchant Warrior

If you have any issues during this process feel free to contact the Merchant Warrior Support Team.

Happy Integrating!

MW says GIMME!


Gimme Shopping Search AustraliaThe BEST way to shop online

Merchant Warrior is proud to support one of its clients in their new venture into the online shopping space. We believe that this is a great service that will not only benefit consumers but also benefit our merchants that are looking for greater exposure.

What is Gimme.Com.Au?

Gimme Shopping is an exciting new Australian shopping search and comparison service. The biggest problem for shoppers when using current shopping search sites is that they display results based on how much stores are paying them, not necessarily the best or cheapest results.  This means that shoppers are misled into thinking the products displayed at the top of search results are better, when in fact they are simply the stores who pay the most for a click.

While misleading search results should be a concern for shoppers, there are issues for online stores as well. Major shopping search services use a Pay Per Click (PPC) model to charge stores who list with them. This means that online stores pay for traffic in the form of clicks, even when the clicks are from a competitor checking prices or a customer simply doing research which don’t generate a sale.

Gimme Shopping’s unique model solves these problems.  At Gimme Shopping our results are pure and based only on matches to relevant product information such as product names and descriptions. Gimme Shopping prefers to use a Pay Per Sale (PPS) model whereby commission is only paid on verified sales, and at a rate set by the online store.  This is a much fairer model, and is risk free for online stores who don’t want to pay for traffic with no guarantee of results.

The Gimme Shopping performance based model certainly seems to have hit a chord with online stores with over 1000 stores partnering with Gimme in the first 6 months providing shoppers with easy access to millions of products across a huge range of categories including Electronics, Digital Cameras, Fashion, Wine and Home & Garden.

Visit Gimme Shopping to get the best results for products from a huge range of Australian online stores.  Research products before you buy and compare products and prices from Australia’s largest and fastest growing online shopping network.

Sign me up!

Merchants looking to increase their exposure and join Gimme’s increasing list of online stores should do so by clicking here for further information.

We wish the best of luck!

Interchange Fees

What are Interchange Fees?

As a merchant, seeing the word “Fees” would not be something out of the ordinary. One fee that most merchants would not have heard a lot about is Interchange Fees. It’s important to note that Interchange Fees are also referred to as a “swipe-fee” at times.

In order to fully understand Interchange Fees it’s always helpful to clearly understand the meaning of a Merchant Service Fee (MSF).

As a merchant you’ll notice that you will have been given a MSF from your Bank. The MSF is a % fee which is taken from each of your transactions and is held by your Bank. As most of you will know, the MSF that each merchant receives will be different and is calculated according to a number of different factors such as:

Risk – The risk that is involved with your business.

This does not necessarily focus on the industry that your business operates in. Some of you may deem a high risk merchant as an adult store or a merchant selling pharmaceutics online and that’s correct. However, how about a merchant selling jewelery online? Or a merchant that offers a yearly subscription for its services? These merchants may not necessarily be in a high risk industry but there is a certain element of risk involved in processing their transactions due to the high possibility of chargebacks occurring.

Volume – This is the total revenue that you will be able to generate with your merchant facility.

Transaction Volume – This is the total number of transactions that you will process through your merchant facility.

Card Type – This refers to the different types of credit/debit cards that you will accept with your facility. How many of your transactions will come from Standard/Domestic Credit Cards? How many will come from International or Premium Credit Cards?

There are a lot of other factors that the Bank will take into account when working out a merchant’s MSF, however, let’s pay close attention to the last item on the list above – “Card Type”. So you’re probably wondering why your Bank cares about the different types of credit/debit cards you’ll be accepting? It’s all plastic – so same thing right? That, my friends would be logical. And as we all know when it comes to financial institutions, and the schemes, logic is never an option!

Just as you, the merchant, has to pay fees to your Bank, your Bank too has to pay fees to the Card Schemes (VISA, MasterCard, American Express, JCB, Diners Club). The fees that are associated with each transaction are known as Interchange Fees (or as we mentioned earlier “swipe-fees”). The Interchange fees differ depending on the industry type and card type and are subject to change whenever the Card Schemes deem necessary.

The good news is that the Interchange Fees for VISA and MasterCard are public. Please see below for the links to each of the corresponding Card Scheme Interchange Fees:

Things may make a little more sense now. If you’ve ever wondered why your Bank has a higher rate for international transactions as opposed to domestic transactions, you’ll now realize that it’s due to the Interchange Fees.

Now when someone mentions Interchange or the term “Interchange Fees” you’ll know exactly what they’re talking about. Even better, you’ll now understand the importance of this article: Retailers score in swipe fee fight with credit card giants.

For all merchants – we’ll be keeping our fingers crossed for you!

PCI Compliance In A Nutshell

What is PCI DSS Compliance?

At some point during the running of your online store you will most definitely be asked some of the following questions: “Are you PCI Compliant?”, “What level of compliance do you adhere to?”, “Have you filled out your Self Assessment Questionnaire?”. The list can go on but in order to answer these questions correctly it’s best to know exactly what is being asked and to understand what PCI DSS Compliance is all about and the importance that this has upon you as a merchant.

Let’s get some of the common questions out of the way in bullet form and then we’ll move onto explanations:

Q: What does PCI DSS Compliance stand for?

A: PCI DSS stands for “Payment Card Industry Data Security Standard” which is governed by the Payment Card Industry Security Standards Council. The PCI DSS is supported by VISA, MasterCard, American Express, Discover & JCB.

Q: Why is PCI DSS Compliance so important?

A: The PCI DSS was created to prevent credit card fraud and to secure sensitive credit card information that merchants deal with. The idea of the standard is to ensure that merchants are doing their best to protect their customer credit card information. The penalties for noncompliance can be deadly to a small business. Noncompliance results in the payment brands (VISA, MasterCard, American Express, Discover & JCB) issuing a fine between $5,000 to $100,000 per month to the acquiring bank. In most cases the acquiring bank will then pass these fines onto the merchant, terminate the merchant or increase the merchant’s transaction fees significantly.

Q: Do I need to be PCI DSS Compliant to run an online store?

A: If you process, transmit or store credit card information then you will be required to be PCI DSS Compliant.

Q: I’ve never heard of this and have been running an online business for years with no problems. Is this all just jargon?

A: The payment brands as well as your acquiring bank can choose to audit your online business at their discretion. The PCI DSS has been in motion since 2004 and even though Banks are often slow movers they are beginning to understand the importance of PCI DSS Compliance. Banks are issued with heavy fines for boarding non compliant merchants and it’s in there best interest to protect themselves. It’s always better to protect your customer information as much as possible and also protect yourself from the penalties that are imposed for noncompliance.

With the common questions out of the way let’s move onto some explanations.

Do I need to be PCI DSS Compliant?

The Payment Card Industry Security Standards Council states that:

“PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If PAN is not stored, processed or transmitted, PCI DSS requirements do not apply.”PCI Security Standards Council (Article #5378)

The PAN specifically refers to your customer’s credit card number. If your shopping cart or billing software requires you to store the credit card information locally on your own servers then you will be required to follow the PCI DSS requirements. If you are processing or transmitting your customer’s credit card numbers across your network, over the phone or even to a third party provider then you will once again be required to follow the PCI DSS requirements.

A lot of merchants will feel that they do not need to follow the PCI DSS requirements because they do not store any credit card numbers locally on their systems. This is a common misconception and it’s important to understand exactly what “processing” and “transmitting” credit card numbers actually means. A primary example is that of a company that accepts credit card numbers from their customers over the phone. The company may not be storing the customer’s credit card number locally but they are still receiving the credit card number from the customer in an unencrypted form. After the representative receives the customer’s credit card number over the phone they will then (in most cases) enter the credit card number and customer details into a payment application which will send the credit card number directly to a Payment Gateway (such as Merchant Warrior). It is at this point that the merchant is “transmitting” the PAN (credit card number) and as such is still required to follow the PCI DSS requirements.

There are levels of compliance and it’s important to know where you factor into these levels. The following table is an extract from the PCI Security Standards Council FAQ:

Level/Tier Merchant Criteria Validation Requirements
1 Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region.
  • Annual Report on Compliance (“ROC”) by Qualified Security Assessor (“QSA”)
  • Quarterly network scan by Approved Scan Vendor (“ASV”)
  • Attestation of Compliance Form
2 Merchants processing 1 million to 6 million Visa transactions annually (all channels)
  • Annual Self-Assessment Questionnaire (“SAQ”)
  • Quarterly network scan by ASV
  • Attestation of Compliance Form
3 Merchants processing 20,000 to 1 million Visa e-commerce transactions annually
  • Annual SAQ
  • Quarterly network scan by ASV
  • Attestation of Compliance Form
4 Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually
  • Annual SAQ recommended
  • Quarterly network scan by ASV if applicable
  • Compliance validation requirements set by acquirer

Slow down! What’s a QSA? What’s this SAQ? What’s an ASV?

A QSA is simply a bunch of people who are not very nice. That’s what you’d expect anyway considering they are auditors. Merchant Warrior were lucky enough to work with Securus Global who seem to have a bit of life to them and were readily available to assist us in achieving our Tier 1 PCI DSS Compliance. QSA’s carry out on-site audits or consultation to help merchants or providers achieve PCI DSS Compliance.

SAQ refers to a Self Assessment Questionnaire. This is a document which has a list of requirements that merchants should be following. The SAQ must be filled in and submitted to either your bank or your QSA for verification. It’s best to check with your bank for exactly what your PCI DSS requirements are as they change from bank to bank.

ASV – it’s all in the name. An approved scanning vendor – they simply provide merchants with network scans to make sure that your basic external security is in tact. We choose to use McAfee Secure but there are many other ASV’s available and a list can be found here.

There are ways to reduce the risk of credit card fraud and even exclude your online business from being subject to the PCI DSS requirements. We’ll discuss this in the next section but before proceeding it’s important to note that although PCI DSS requirements may not apply to you, you should still secure your network and payment applications to the best of your ability. There is a major difference between being secure and being PCI DSS Compliant.

How can I achieve PCI DSS Compliance?

Merchant Warrior provides merchants with a number of products to help them achieve and maintain the highest level of PCI DSS Compliance. In case you’re wondering what allows us to develop and market PCI DSS Compliant products – it’s the fact that we are a certified level 1 PCI DSS Compliant payment provider. A certificate that verifies this can be found here.

The first step in achieving PCI DSS Compliance is working out exactly what personal customer information your business is required to keep on file. Do you really need to store credit card details of your customers? If not – then don’t do it. Business owners often like to have as much information on customers as possible and this is completely understandable but storing the first and last 4 digits of a credit card number instead of the entire number for verification purposes is more than enough. Where possible keep your storage of ANY credit card information to an absolute minimal if any. Some business models or payment applications may require that the credit card number be accessible. Merchant Warrior provides storage facilities such as Token Payments to help merchants access credit card data without the requirement to store the data themselves. Please read the Token Payments page for further details.

So you’ve managed to get storage out of the way. Here’s a quick question to make sure you’re still paying attention – Now that you’re no longer “storing” any credit card information are you PCI DSS Compliant? NO! (highlight to the left of the brackets to see the answer).

It’s time to find how to avoid “processing” and “transmitting” credit card details. Merchant Warrior has two products which help merchants completely avoid processing or transmitting credit card details. The first of the two products is Hosted Payments. Put simply Merchant Warrior hosts a payment page on behalf of the merchant and when customers click the “checkout” or “process” button on the merchants website, they are redirected to the payment page that we host for the merchant. In this scenario the merchant never accepts or transmits any credit card information as all of this is handled by Merchant Warrior due to the payment page being hosted on our servers.

Right now there will be some merchants saying “Yes. I know about a hosted payment page. I hate it – I want the hosted payment page to be completely re-branded so that it looks like my website and doesn’t cause any confusion or generate any fear for my customers.” We heard you. That’s why with our Custom Development merchants are able to request a completely custom hosted payment page. We’ll design the page exactly as specified to us by the merchant.

Whoops. We’ve forgotten something. Some merchants right now are upset and are saying “I’m not paying for you to design my hosted payment page. I have my own development team and they’re damn good at what they do. Why on earth should I use you? Give me another option.” – Sure. We heard you too. For merchants that aren’t worried about diving into easy development we have a Transparent Redirect product which gives merchants all the benefits of a Hosted Payment Page except that they are able to host the page themselves and have it completely designed as they like. We won’t get into the technical aspects of this product and how it achieves PCI DSS Compliance and avoids merchants having to store, process or transmit any credit card data we’ll just leave it to you to check out the Transparent Redirect page because it explains how this is achieved.

It’s that easy! By choosing Merchant Warrior you can achieve PCI DSS Compliance in a number of ways and keep it simple. We have off the shelf products that can help as well as completely custom designed solutions that can be catered to your exact specifications. If you’re curious about PCI DSS Compliance and require some consultation we’re happy to put you in touch with our amazing QSA – Securus Global.

Please be honest. What do I get from this?

Honesty IS the best policy so here’s your answer: Achieving PCI DSS Compliance for your business should not be a question, it should be a necessity. Customers that deal with PCI Compliant online stores often feel a sense of safety as they know the merchant is doing what is required to ensure that their credit card information is stored, processed and/or transmitted securely at all times. Your bank will move quicker in establishing your merchant account once they recognize your level of compliance and willingness to protect your customers and you avoid heavy fines that could potentially put you out of business should a breach occur and noncompliance be the reason. All in all PCI DSS Compliance is not the devil – it’s here to help us as everyday online shoppers continue to do what we do freely in a secure environment.

Choosing Merchant Warrior as your PCI DSS companion will ease the process of establishing your business as a PCI DSS Compliant provider.